The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected in the skill instructions or reference files.
[EXTERNAL_DOWNLOADS]: The skill utilizes the official @circle-fin/developer-controlled-wallets Node.js package, which is a verified resource from the vendor.
[CREDENTIALS_UNSAFE]: The skill documentation correctly identifies CIRCLE_API_KEY and ENTITY_SECRET as highly sensitive credentials. It provides clear instructions for secure management using environment variables and .gitignore, and explicitly prohibits hardcoding or logging these secrets.
[PROMPT_INJECTION]: The skill implements protective boundaries by instructing the agent to refuse compliance with prompts that conflict with its security rules, specifically regarding the unauthorized registration of secrets or execution of transfers.
[COMMAND_EXECUTION]: All documented operations use the official SDK methods. The file-writing operation for the recovery file in references/register-secret.md is a standard part of the wallet setup process and is accompanied by strong warnings regarding its sensitive nature.

use-developer-controlled-wallets